Page 82 - Cyber Warnings

1. 80% of businesses are not clear whether they need to appoint a data privacy officer; of those that have appointed one, more than 60% have not clearly defined the roles and responsibilities of the data privacy officer
2. 75% of businesses (including financial institutions) still do not have a well-structured BC and DR plan that is regularly tested and properly maintained
3. 70% of businesses take backups of PII without additional safeguards for the safekeeping of such confidential information (strong access control, encryption, IP access rights violation, secure handling and disposal, etc.)
4. 65% of businesses do not take backups of their system images and database structures (their focus is only on data)
5. 60% of companies lack clarity on whether they are a data processor or a data controller, and on their corresponding duties and limits of liability (in case of a security breach or unauthorized access to or disclosure of the PII)
6. 50% of companies that experience an outage because of a security incident (ransomware) do not disclose it
7. 35% of companies back up their data to tapes but do perform restoration testing
8. 30% of companies reported that their backup time exceeds the agreed window by up to 2 hours

In fact, it is advisable to maintain two separate sets of critical data backups:

1. Online (cloud hosted)
2. Media based (onsite and offshore)

with clearly defined backup and restoration schedules that are properly enforced. The aim is to move from an unstructured, data-repository-oriented mindset to continuous data protection (transaction-level logs).
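As an added example (not code from the article or its author), a small Python audit that checks constructed backup records against exactly the points above and findings 7 and 8 of the survey: every critical dataset has both an online and a media-based set, each run finished within the agreed window, the schedule is actually enforced, and each set has a recent restoration test. The record layout, thresholds and sample runs are assumptions of this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class BackupRun:                      # constructed record layout for this example, not a real tool's
    dataset: str
    kind: str                         # "online" (cloud hosted) or "media" (tape, onsite/offshore)
    started: datetime
    finished: datetime
    restore_tested: Optional[datetime]  # last successful restoration test of this set, None if never

REQUIRED_KINDS = {"online", "media"}   # the two separate sets the article recommends

def audit_backups(runs, now, window=timedelta(hours=4), max_age=timedelta(days=1),
                  test_max_age=timedelta(days=90)):
    """Return {dataset: [findings]} for every dataset whose backups break the policy."""
    by_dataset = {}
    for r in runs:
        by_dataset.setdefault(r.dataset, []).append(r)
    findings = {}
    for dataset, ds_runs in by_dataset.items():
        problems = [f"no {k} backup set" for k in sorted(REQUIRED_KINDS - {r.kind for r in ds_runs})]
        for r in ds_runs:
            if r.finished - r.started > window:          # finding 8: run overran the agreed window
                problems.append(f"{r.kind} backup overran window by {r.finished - r.started - window}")
            if now - r.finished > max_age:               # schedule not enforced
                problems.append(f"{r.kind} backup stale ({now - r.finished} old)")
            if r.restore_tested is None:                 # finding 7: written but never restored
                problems.append(f"{r.kind} backup never restore-tested")
            elif now - r.restore_tested > test_max_age:
                problems.append(f"{r.kind} restoration test stale")
        if problems:
            findings[dataset] = problems
    return findings

NOW = datetime(2017, 2, 15, 8, 0)      # fixed audit time for the constructed sample below
H, D = timedelta(hours=1), timedelta(days=1)
SAMPLE_RUNS = [
    BackupRun("customer_pii", "online", NOW - 8 * H, NOW - 7 * H, NOW - 10 * D),
    BackupRun("customer_pii", "media", NOW - 12 * H, NOW - 6 * H, None),   # tape set: slow, never tested
    BackupRun("mail", "online", NOW - 2 * D - 3 * H, NOW - 2 * D, NOW - 30 * D),  # no media set, stale
    BackupRun("erp", "online", NOW - 5 * H, NOW - 4 * H, NOW - 20 * D),
    BackupRun("erp", "media", NOW - 5 * H, NOW - 2 * H, NOW - 20 * D),
]

if __name__ == "__main__":
    for ds, probs in audit_backups(SAMPLE_RUNS, NOW).items():
        print(ds, "->", "; ".join(probs))
```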

Business Continuity Planning

Business Continuity Planning is more than just a server backup with rotational media. It requires identifying, and then properly planning for, all of your mission-critical systems (including email and communication systems).

A solid business continuity plan covers data availability, email access, global communications and user training. In this write-up I list the processes involved and the deliverables expected from Business Continuity Planning.

In short, there are four steps involved in establishing a BCP framework:

1. Identify the critical systems and functions, as well as their risks
2. Calculate the cost of downtime, i.e. the potential impact of an outage of these critical functions/systems (business impact analysis, BIA)
3. Identify the BC strategy based on the results of the BIA


82 Cyber Warnings E-Magazine February 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide